To ensure smooth and uninterrupted communication between VergeCloud’s edge servers and your main host server, it's crucial to whitelist VergeCloud’s IP addresses in your firewall settings. This step will configure the firewall to allow connections from a list of approved IPs attempting to access your platform. Below, two different methods are outlined for adding VergeCloud’s IPs to IPtables.
In this approach, you will need to add a separate line for each IP range listed on VergeCloud’s IP addresses page. The placeholder $ip should be replaced with an actual VergeCloud IP address in each line.
iptables -I INPUT -p tcp -m multiport --dports http,https -s "$ip" -j ACCEPTAnother option is to use ipset, which allows you to avoid manually entering each IP address individually. If ipset is not already installed on your host server, you can install it with the following commands:
sudo apt-get install ipsetyum install ipsetOnce ipset is installed, you can create a list of authorized IPs (in this case, VergeCloud’s IP addresses). The following command adds each IP from VergeCloud’s list:
ipset create example hash:net
for x in $(curl https://www.vergecloud.com/ips.txt); do ipset add example $x; donePlease note, after running this command, the list of IP addresses will be stored temporarily in memory. However, by default, this data will be cleared after a system reboot. To preserve this list, you should save and re-run the command after the system restarts.
After creating the list of authorized IPs using ipset, you can apply it in your iptables rule like this:
iptables -A INPUT -m set --match-set example src -p tcp -m multiport --dports http,https -j ACCEPTAfter applying the changes, don’t forget to save the modified iptables rules. You can do this with the following commands:
iptables-save > /etc/iptables/rules.v4iptables-save > /etc/sysconfig/iptablesThis ensures that the changes persist across system reboots.